CVE-2010-4529 - Vulnerability Details - OpenCVE

Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0005.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://openwall.com/lists/oss-security/2010/12/23/1
http://openwall.com/lists/oss-security/2011/01/03/1
http://secunia.com/advisories/42684
http://secunia.com/advisories/43291
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.securityfocus.com/bid/45556
http://www.spinics.net/lists/netdev/msg150842.html
http://www.vupen.com/english/advisories/2011/0375

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-13T18:35:00.000Z

Updated: 2024-08-07T03:51:17.171Z

Reserved: 2010-12-09T00:00:00.000Z

Link: CVE-2010-4529

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-01-13T19:00:04.370

Modified: 2026-04-29T01:13:23.040

Link: CVE-2010-4529

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-02-04T10:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "45556", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45556"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"name": "[netdev] 20101222 [PATCH] irda: prevent integer underflow in IRLMP_ENUMDEVICES", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.spinics.net/lists/netdev/msg150842.html"}, {"name": "42684", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42684"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861"}, {"name": "ADV-2011-0375", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0375"}, {"name": "[oss-security] 20101223 CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/12/23/1"}, {"name": "SUSE-SA:2011:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"}, {"name": "[oss-security] 20110103 Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/03/1"}, {"name": "43291", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43291"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45556", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45556"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"name": "[netdev] 20101222 [PATCH] irda: prevent integer underflow in IRLMP_ENUMDEVICES", "refsource": "MLIST", "url": "http://www.spinics.net/lists/netdev/msg150842.html"}, {"name": "42684", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42684"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdac1e0697356ac212259f2147aa60c72e334861", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdac1e0697356ac212259f2147aa60c72e334861"}, {"name": "ADV-2011-0375", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0375"}, {"name": "[oss-security] 20101223 CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/23/1"}, {"name": "SUSE-SA:2011:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"}, {"name": "[oss-security] 20110103 Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/03/1"}, {"name": "43291", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43291"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.171Z"}, "title": "CVE Program Container", "references": [{"name": "45556", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45556"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"name": "[netdev] 20101222 [PATCH] irda: prevent integer underflow in IRLMP_ENUMDEVICES", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.spinics.net/lists/netdev/msg150842.html"}, {"name": "42684", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42684"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861"}, {"name": "ADV-2011-0375", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0375"}, {"name": "[oss-security] 20101223 CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/12/23/1"}, {"name": "SUSE-SA:2011:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"}, {"name": "[oss-security] 20110103 Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/03/1"}, {"name": "43291", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43291"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4529", "datePublished": "2011-01-13T18:35:00.000Z", "dateReserved": "2010-12-09T00:00:00.000Z", "dateUpdated": "2024-08-07T03:51:17.171Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "76630B45-B590-4651-972E-F938A83010C0", "versionEndExcluding": "2.6.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n irda_getsockopt en net/irda/af_irda.c en el kernel de Linux anterior a v2.6.37 en plataformas no x86 permite a usuarios locales obtener informaci\u00f3n potencialmente sensible de la memoria del kernel a trav\u00e9s de llamadas getsockopt IRLMP_ENUMDEVICES."}], "id": "CVE-2010-4529", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-13T19:00:04.370", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/12/23/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/01/03/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42684"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43291"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45556"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.spinics.net/lists/netdev/msg150842.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/12/23/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/01/03/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.spinics.net/lists/netdev/msg150842.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0375"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}]}